Cryptography is used to secure data. In many systems, knowledge of a key allows access to the data and lack of knowledge of the key secures the data against access. Preferably, the key used to secure data is selected from a sufficiently large set of possible keys that an attacker cannot guess the key by exhaustive trial and error, even with the use of large amounts of computing resources. Usually, a key selected from a large set will be too long for people to remember, so it is necessary to employ a system that stores the key on behalf of the user and requires a passphrase to be entered before the key can be used. The passphrase, which can be a memorized password or PIN (Personal Identification Number), is typically converted directly into a cryptographic key and used to encrypt and decrypt the user's stored keys. Unfortunately, if the PIN or password is short enough for the user to remember, it is also short enough for an attacker to guess by exhaustive trial and error, thereby undermining the security of the stored key, and in turn undermining the security of the encrypted data.
One solution to the problem described above is to use central key management, wherein the keys are stored on a centralized server that is itself secured from access by attackers. When an attacker with access to a system having secured data thereon uses the brute force attack and tries each possible short passphrase, the centralized server receives a query from the system each time a passphrase is tried. Once the centralized server notices an unusual number of attempts, it can choose to ignore all further queries from that system and/or send alerts to a fraud manager or trigger alarms, if that is part of the design of the centralized server.
The use of centralized key servers to secure data is known. In a typical arrangement, the system that maintains data secured by the key (the “key client”) authenticates itself to the key server and the key server authenticates itself to the key client. Following the mutual authentication, a client-server session is established wherein the client requests keys from a key server. In such an arrangement, the security of the system as a whole depends on the security of this initial authentication between client and server.